Risk Management Policy
The Risk Management Policy is central to the M_o_R approach as it communicates why and how Risk Management is to be implemented throughout the organisation with the intention of accomplish uniformity across the Risk Management Process and the aim to remove ambiguity.
The typical Risk Management Policy Document should include the following
- Risk appetite and capacity
- Risk tolerance and thresholds
- Procedure for escalation and delegation
- Roles and responsibilities
- Glossary of terms
- Risk management process
- Key Performance Indications and Early Warning Indicators
- When risk management should be implemented
- Quality assurance
- Annual review
It is important that the Risk Management Policy be periodically reviewed and updated at least once a year if no change has occurred such as purchases or company expansion etc.